User-Centred Identity Management: Evaluating the Role of the Browser


User-Centred Identity Management: Evaluating the Role of the Browser

Rebecca Cottrell

Project report submitted in part fulfilment of the requirements for the degree of Master of Science (Human-Computer Interaction with Ergonomics) in the Faculty of Life Sciences, University College London,

NOTE BY THE UNIVERSITY

This project report is submitted as an examination paper. No responsibility can be held by London University for the accuracy or completeness of the material therein.

ACKNOWLEDGMENTS

I would like to thank: Adrian Rahaman and Angela Sasse for their supervision and advice, Luke Church and Ben Davies for giving their comments on the draft, David Gilbert, Tantek Çelik, and Ben Ward for listening to my ideas and providing me with new directions and leads, Participants who took part in the study, Rachel Benedyk and UCL Interaction Centre for the flexibility that allowed me to complete this project on an unusual schedule.

ABSTRACT

This project explored the role of the browser in user-centred identity management. Identity management refers to representation of people and other entities in computer networks, providing a basis for reputation ownership and authorization (Jøsang et al., 2005). Authentication is central to identity management systems, allowing service providers to verify users and mediate access to certain resources. Identity management systems are scalable and cost-effective for service providers, but not necessarily for humans (Jøsang & Pope, 2005). Users are issued with an identifier and a password for each service they transact with. This becomes problematic for users, who manage 25 accounts on average (Florêncio & Herley, 2007). While credential management is difficult for users, the web identity experience creates other usability problems. Interfaces for logging in and creating accounts vary from service to service, forcing users to relearn the interface for every site. Users are taught to type their name, secret passwords, and personal information into any input form that appears on their screen, with no comprehensible framework for evaluating the authenticity of a service (Cameron, 2005).

The study evaluated user perceptions toward the browser as a usable identity buffer, or layer, that provides a predictable and consistent mechanism for logging in, creating accounts, and managing existing accounts. Ten participants were interviewed during a two-part study. The first part explored the strategies employed and difficulties participants experienced with managing their online accounts. The second part evaluated a browser prototype in a Think Aloud session, in which participants used the prototype for three key identity management tasks.

The study revealed a range of complex strategies that participants employ to manage their credentials. Participants indicated a preference to develop personal techniques for account management, in contrast to using dedicated password management software. However, participants were generally receptive to the idea of using the browser to manage their credentials, with some favouring specific use cases over others, and expressing security concerns with the current design. The study led to a number of insights on the subject of user-centred identity management, including perceptions of federated identity, and participants' comfort when using their real name in online interaction. The study highlighted avenues for future research and design implications for user-centred identity management.

Chapter 1. Introduction

Identity management refers to the representation and recognition of entities in computer networks (Jøsang, Fabre, Hay, Dalziel & Pope, 2005). Identity representation is fundamental in electronic interaction, providing a basis for reputation ownership, access control, and authorization (Jøsang et al., 2005). Authentication is a significant part of identity management, and refers to the technical mechanism that allows users to tell services who they are. It provides a mechanism to control access to services and resources, and answers the questions:

1. Who is the user?
2. Is the user really who they represent themselves to be?

Cameron (2005, 2006) defined a central problem statement for web identity: the Internet was built without a way to know who and what you are connecting to. With this native identity layer missing, web services have created what Cameron dismisses as ad hoc workarounds, with usability problems that create a cost for both users and businesses. Jøsang and Pope (2005) argue that the common architecture of web identity has tended to favour service providers over people. Identity management systems are cost-effective and scalable for the service providers, but not necessarily for humans: the major model of web identity requires users to manage a growing number of credentials. While identity on the server side has been automated, users are still expected to cope with credentials through memorisation.

Two major models of identity architecture are defined: the isolated user identity model, and the federated user identity model (Jøsang and Pope, 2005). In the first model, the most common, the service provider acts as identifier provider and credential provider. In the latter model, a user authenticated with one service is considered authenticated by another, effectively reducing the number of credentials the user has to manage. The federated model has sought to address the inefficiencies with the isolated model, yet implementations such as OpenID have been shown to miss the mark in providing a cohesive user-centred solution to web identity (Yahoo!, 2008; Sun et al., 2010).

Research on authentication usability has tended to focus on passwords, and less on the wider aspects of web identity usability. A distinct problem is how to assist users with managing an increasing number of credentials for disparate services. In addition to a password, users manage a service name, a unique identifier, and the combination of this information. The average user manages 25 web accounts (Florêncio & Herley, 2007). Passwords are expected to remain memory-based information. Research on human memory, as well as ethnographic observations of user behaviour, indicates that credential memorisation is not a reasonable expectation for users (Adams & Sasse, 1999; Anderson, 2001).

The role of the browser in providing a usable buffer between user and service provider has received only a little attention from researchers in HCI. While password management programs provide system support for users, their standalone nature requires tasks to be interrupted in order to claim a password. Browser add-ons improve this by providing contextual support, but are limited to expert users. This project evaluates an integration of identity with the browser that provides identity support as a basic standard, increasing exposure and accessibility to web identity management. It evaluates the browser's role in minimising the problems users have with managing a growing number of credentials, providing a consistent user interface for authentication, account creation, and account management.

The project is divided into 6 chapters. Chapter 2 is a synthesis of research on identity management, outlining frameworks that inform and evaluate identity systems, reviewing and discussing the advantages and disadvantages of approaches that have aimed to improve identity management usability. The final part of chapter 2 identifies a research gap. Chapter 3 addresses the gap, describing the rationale behind the browser prototype's design decisions, and the study methodology for evaluating identity management in the browser. Chapter 4 presents an analysis of the study results in two parts: the first part discusses the themes that arose during semi-structured interviews around users' struggles with and perceptions of identity management; the second part discusses the themes that arose during a task-based Think Aloud evaluation session with the browser prototype. Chapter 4 discusses the implications for design, and chapter 5 sums up the project with central takeaways in the conclusion.

Chapter 2. Literature Review

The focus of the project is user-centred identity management. The literature covered here provides background and context to central issues in identity management, which leads to the definition of a research gap and the evaluation of a browser-based identity management solution. This chapter explores the concept of identity at a high level: the principles that inform identity systems on and offline (2.1), and at a low level: identity usability issues that directly affect users in a web context (2.2). It highlights a research gap (2.5) and helps to set the scene and provide context for the evaluation of user identity that is managed in the browser, covered in chapters 3 and

Identity and identity systems

Introduction

Historically identity systems have served the purpose of mediating what an individual can or cannot do in a social environment. Many organisations seek to obtain proof of individuals' identities to ensure their rules are followed (Rahaman & Sasse, 2010). This is no less true for identity systems on the web, which share the same basic principles. Poorly implemented identity systems have a negative impact on community wellbeing, undermine trust, and detract from public value (Inglesant & Sasse, 2007). Web identity systems introduce their own set of complicating factors. Users are apprehensive about sharing information with web services, which is fed by their lack of control over what happens to their data after it is sent. Users respond to these fears by providing fictitious information, rejecting cookies, or avoiding transactions with certain web services (Lwin, Wirtz & Williams, 2007).
While user information is subject to data laws including the UK Data Protection Act (DPA), FTC Fair Information Practices (FIP), and the Global Privacy Standard (GPS), there are softer guidelines and principles that steer identity systems toward a human-centered focus, and help to reassure users about the credibility of a service.

The laws (and flaws) of identity management systems

Cameron specifically addresses the problem of web identity in The Laws of Identity, defining seven principles that are used to inform a web identity metasystem. Cameron defines an identity metasystem to mean an interoperable architecture for digital identity that enables people to employ a collection of digital identities based on multiple underlying technologies, implementations, and providers (Microsoft, 2005). Cameron defined a central problem statement for web identity: The Internet was built without a way to know who and what you are connecting to (Cameron, 2005). With this native identity layer missing, Cameron argues, web services have come up with ad hoc workarounds. As a consequence, the identity experience for users is inconsistent and fragmented across silos: identity on the web is like a patchwork of one-offs.

Ad hoc identity solutions have a number of negative implications for users, who are burdened [...] with different experiences at each website, have no way of controlling or remembering different aspects of their digital identities, and lack a reliable means of checking whether a web service is authentic. Users have been led to expect an inconsistent experience and have been taught bad habits: they are trained to enter their names, secret passwords, and identifying information into almost any input box that appears on their screen (Cameron, 2005). Businesses, too, suffer negative consequences: ad hoc solutions render the system as a whole fragile, and constrain the fuller realization of the promise of e-commerce (Cameron, 2005).

Cameron's laws aim to guide the design of a metasystem that will provide Internet users with a deep sense of safety, privacy, and certainty about whom they are relating to in cyberspace. They hint at the challenges involved in designing an identity metasystem, with a plurality of technologies to consider while supporting the user's needs to control her identity and information:

1. User Control and Consent
2. Minimal Disclosure for a Constrained Use
3. Justifiable Parties
4. Directed Identity
5. Pluralism of Operators and Technologies
6. Human Integration
7. Consistent Experience Across Context

Playing on the title of Cameron's framework, The Seven Flaws of Identity Management (Dhamija & Dusseault, 2008) identifies seven problem areas that identity management systems need to address:

1. Identity management is not a goal in itself

Users are focused on primary tasks, which should be facilitated by the identity management system.

The identity management system itself should be something users want. Security and identity management are secondary goals for users.

2. Users follow the path of least resistance

Systems are more likely to be adopted if they are easy to download, install, and configure, including the authentication process and password interfaces, which must become as easy as today's standard login to successfully compete. Identity management should be integrated into the operating system or browser, so that users don't need additional software or incur additional costs. Make the path of least resistance the secure path.

3. Cognitive scalability is as important as technical scalability

Users face a burden of managing an increasing number of identifiers. To reduce the memory burden, users reuse passwords for various accounts and, when possible, choose the same or similar login names. OpenID purports to solve this problem, but the implemented system imposes a high cognitive burden on users. Focusing on cognitive scalability, in addition to technical scalability, is key to the success of identity management systems. Reduce cognitive burden. Evaluate how your system will be used in the larger context of other systems.

4. User consent could lead to maximum information disclosure

Users often encounter security-warning dialogs and consent to end-user license agreements without understanding what they have read or consented to. Asking for user consent more frequently only overwhelms users with more choices. Reduce the number of trust decisions users have to make. Don't try to achieve consent by overwhelming users with more warnings, dialogs, and indicators.

5. We need mutual authentication (not just user authentication)

Phishing attacks illustrate that it's equally important for the user to authenticate the IdP and RP. User interfaces must be difficult to spoof and should help users know they're communicating with the intended party.

Support mutual authentication and help users detect spoofing attacks. Assume that the system and users will be attacked and design with this in mind.

6. RPs want to control the customer experience

One obstacle is that RPs want to control the customer experience for many reasons, including usability, privacy, and security. RPs might be reluctant to participate in redirect-based schemes. Once a user's attention has been redirected, there's a possibility that he or she might not return. Offer RPs some control over the customer relationship, security of their accounts, and user experience.

7. Trust must be earned (and is hard for users to evaluate)

Deciding who to trust is a difficult decision involving risk assessment. Authentication schemes can be flawed, attacked, or poorly implemented. Be vigilant about security risks and conservative with security claims. Solicit expert security reviews and usability analyses before deploying systems.

Finally, Dhamija and Dusseault (2008) argue that to become a ubiquitous and well-understood technology, identity systems must integrate seamlessly into websites, be natively supported by web tools, and strike the right balance between usability, privacy, and security.

A lived experience of identity

Rahaman and Sasse (2010) bring a different perspective and new principles to analyse the properties of identity systems. For example, they argue that Cameron's 2nd and 3rd laws of minimal disclosure and justifiable parties do not go far enough to understand why an individual would be reluctant to share information with a third party. A framework for understanding a lived experience of identity helps evaluators understand a range of properties of an identity system that have an impact on the individual. The framework introduces 9 properties that can be used to analyse an identity system:

Control Points: The situations in which an individual's identity is required in order to proceed with a particular function.
Subject Engagement: Whether an individual is an active or passive participant in the use of the identity.
Identity Exposure: The level to which identity information is exposed to third parties.
Expert Interpretation: The amount of human activity required to collect and use identity information.
Population Comprehension: The level of understanding that the population at large has of the techniques and technologies used for identification.
Information Accuracy: The reliability of the information that is collected, stored and used in the identity system.
Information Stability: The rate with which the information stored in an identity system changes over time.
Subject Coupling: The degree of representativeness between the captured identity and the relevant partial identity of the individual in relation to the purpose and context.
Information Polymorphism: The degree to which information can be used for different purposes.

The properties together yield insights about why an identity system fails to meet the needs of users. In the case of the Austrian Citizen Card, the low system uptake is linked to the low benefit for individuals, as there are few instances where they can make use of their identity (low number of Control Points), lack of understanding around digital signatures (high Expert Interpretation), and a low level of Subject Engagement, which made for a system that neither met users' needs nor motivated them to make use of their digital signatures (Rahaman & Sasse, 2010).

The framework applied to a Facebook case study helps to explain the strong negative response from users after the News and Mini Feeds were introduced in The News Feed reported stories that Facebook users generated when they modified their profile information, added a friend, or changed their relationship status. These stories were reported on the users' Mini Feed on their profile, and to the central News Feed on the homepage of the service.
The introduction of the News and Mini Feeds created a strong backlash from users with the creation of Facebook groups protesting the changes: Students Against Facebook News Feed and I Hate the New Facebook Format. While many properties of the system remained identical, and no new information had been made public, the introduction of the feeds had suddenly increased the Control Points of a user's identity. Many users were unhappy with the sudden changes and felt that their privacy had been compromised (Hoadly, Xu, Lee, & Rosson, 2009).

Identity models and architecture

Understanding models of identity management on the web is central to understanding its usability problems. This section describes two major identity models and the problems associated with them. First, it is useful to define what an identity means in terms of computer networks. An identity is a representation of an entity in a specific domain. It is usually related to a real world entity such as a person or an organization, and consists of a set of characteristics. For a web service user, an identity might constitute a username, password, and some information such as date of birth and a secret password question. Jøsang and Pope (2005) define a basic architecture of identity as being made up of entities, identities, and identifiers (figure 1). An entity could be a person or an organisation, and may have multiple identities, with each identity consisting of multiple identifiers:

Figure 1. Correspondence between entities, identities, and identifiers (Jøsang & Pope, 2005)

The ability to represent entities is fundamental in online interaction, as it provides a basis for other security constructs such as reputation ownership and access control (Jøsang and Pope, 2005). Authentication is a key part of identity management, and is a mechanism that allows services to obtain answers to these questions about a user's identity:

1. Who is the user?
2. Is the user really who they represent themselves to be?

Authentication systems are based on the user providing evidence that they are who they say they are. An identifier is supplied to answer the first question; users are then verified on the basis of providing a physical token or secret knowledge that uniquely distinguishes them (Ciampa, 2010). Passwords are the most common authentication mechanism (Zhang, Luo, Akkaladevi, & Ziegelmayer, 2009). While passwords are a significant part of the problem with credential management, another problem identified by Jøsang and Pope (2005) is in the architecture of identity on the web.

Jøsang and Pope (2005) describe identity management systems as service provider-centric: they have been designed to be scalable and cost-effective for service providers, but not necessarily for users. The isolated web identity model entails the service provider acting as both credential provider and identifier provider to its clients, and the user manages separate credentials for each service they sign up with (Jøsang and Pope, 2005). Figure 2 is a diagram that shows how the isolated user identity model works. This model requires users to manage credentials for each service they transact with, which creates a problematic situation as the number of credentials increases.

Figure 2. The isolated user identity model (Jøsang & Pope, 2005)

Passwords are chosen by the user in accordance with some guidelines or generated algorithmically, and are intended to reside only in the user's memory. Comprehensive literature supports the view that users are overwhelmed by password policies, and the difficulty of choosing, remembering, and maintaining a growing number of accounts (Florêncio & Herley, 2010). In response to these difficulties, users select passwords based on words that are easy to remember, write passwords down, and reuse passwords they can remember (Adams & Sasse, 2001; Anderson, 2001; Gaw & Felten, 2006). The average user types their password 8 times per day, owns 6.5 passwords, and shares them between 3.9 different accounts (Florêncio & Herley, 2007). Passwords are forgotten: approximately 1.5% of Yahoo users forget their passwords each month (Florêncio & Herley, 2007).

Numerous alternatives to using alphanumeric passwords have been explored, but barriers prevent moving beyond them: diversity of requirements, competing technical proposals, competing goals among stakeholders, scarcity of loss data, user reluctance, and inability of a single organization to impose a solution (Herley, Oorschot, & Patrick, 2009). There is a conflict between security rules and what people actually do (Adams & Sasse, 1999; Anderson, 2008; Florêncio & Herley, 2007; Herley, 2009). Security practices are undermined because the human requirements for password systems are not being met (Adams & Sasse, 1999). Successful password management is evidently achieved through a combination of memory, paper transcripts, trial and error, and password resets (Florêncio & Herley, 2007).

With users managing an average of 25 different web accounts (Florêncio & Herley, 2010), it is no longer reasonable to expect users to memorise credentials. As the number of managed accounts increases, so does the demand on memory (Adams & Sasse, 1999). Jøsang and Pope (2005) argue that identity systems on the server side have been automated to manage identities and authentication, so it is therefore natural to expect automation and system support of identity management on the user side. The next section discusses the federated user identity model as a contrast to the isolated user identity model.

2.3. Federated user identity model

Motivated by some of the inefficiencies with the isolated user identity model, the federated user identity model aims to simplify the management process for users. Jøsang and Pope (2005) note that despite the motivation to improve on the isolated user identity model, it is far-fetched to expect a single federation domain to exist for all service providers on the web.

Figure 3. The federated user identity model (Jøsang & Pope, 2005)

Federated identity protocols allow a user who is successfully authenticated with one service provider to be considered authenticated by other service providers (figure 3). In these models there is usually only one party responsible for allocating credentials and performing authentication. SSO and federated identity models differ in one respect: with SSO there is no mapping of user identifiers as the same identifier is used by every service provider (Jøsang & Pope, 2005). Protocols for SSO and federated identity represent an ecosystem including Facebook Connect, OpenID, SAML (Security Assertion Markup Language), and others. The following section discusses OpenID, which had been regarded as a promising implementation of SSO and an example of the federated user identity model. Focusing on OpenID in particular helps to illustrate some of the challenges that federated models of user identity face.

OpenID

OpenID is an open authentication protocol that allows users to elect a chosen Identity Provider, or even set up their own. The non-proprietary aspect of the protocol sets OpenID apart from proprietary SSO protocols like Microsoft Live ID (previously Passport) or Facebook Connect. To authenticate with OpenID, users enter their OpenID identifier on supporting sites. The identifier usually takes the form of a URL (Uniform Resource Locator). It may also take the form of an XRI (Extensible Resource Identifier) i-name. OpenID is made up of a number of elements that are defined below:

User: The individual who has signed up for an OpenID account to access a number of different domains.
User agent: The web browser that implements HTTP/1.1.
Identifier: The URL or XRI that identifies the user.
Identity Provider (IdP): The service that assigns a user with an identity and performs the authentication process.
Relying Party (RP): The third-party service that delegates authentication to the Identity Provider.

OpenID is available on 50,000 websites, and there exist over a billion OpenID enabled URLs (2011). It is supported by popular and influential web companies including Google, Yahoo, AOL, IBM, Microsoft, PayPal, VeriSign, LiveJournal, and others (2011). OpenID's vision is to reduce frustrations with managing identity on the web. It provides an open protocol for SSO, enabling a consistent and durable identity (or identities) that can be reused across the web. A user signing up for a new account with a RP using OpenID would perform the following steps:

1. Enters OpenID URL on RP site
2. Redirected to IdP to login
3. Confirms authentication with IdP
4. Confirms they want to create a new account with RP site
5. Successful registration

If the user is already logged into their IdP while accessing the RP, they are able to skip the login step. The OpenID website advertises the benefits of using it as accelerating sign up, reducing frustration with account management, allowing independent identity control, and improving password security.

OpenID has not been entirely successful in providing a solution to the issues associated with the isolated user identity model. Despite support from large Internet companies including Google, Yahoo, AOL, and others, OpenID has struggled to attract a critical mass with users and RPs. The problem has been defined as a chicken and egg problem with RPs lacking an incentive to implement OpenID on their websites, and users unwilling to adopt SSO if it is used by only a few RPs (Sun, Hawkey & Beznosov, 2010).

Apart from a lack of incentive to use it from both users and RPs, OpenID adoption is hampered by other problems related to security, the time required to learn it, and its poor user experience. Phishing risks are increased by its user experience, especially its use of redirects. A malicious site could discover the user's OpenID provider and redirect them to a fake provider, which proxies the real provider, stealing users' credentials. The time and cognitive load required for new users to learn OpenID is greater than simply falling back on what they are used to in terms of authentication. Other user experience problems relate to its user interface, discoverability, and disruptive experience. Users are interrupted from tasks after OpenID fails to return them immediately to the task at hand (Yahoo!, 2008).

A design problem is in how the OpenID user interface (UI) should be implemented alongside the traditional authentication user interface, which has evolved over time after the initial implementations of OpenID. The first OpenID UI implementations were simply an input box where a user could enter their IdP URL. The concept of authenticating with a URL is difficult for users who have learned to sign into a service by entering a username and password; anticipating this issue, buttons were introduced for common IdPs in hope that the usability would be improved. This introduced a problem of too many choices for the user. This overwhelming array of buttons-as-choices with IdP logos was coined the NASCAR problem (Messina, 2009), named after the advertising logo-covered NASCAR racecars. Figure 4 shows an example of the so-called NASCAR problem.

Figure 4. The NASCAR problem: giving the user too many choices with an array of OpenID provider buttons.

There have been efforts to minimize the usability problems described above. Sun, Hawkey, and Beznosov (2010) address the central issues of poor user experience and a lack of incentive for RPs to support OpenID by proposing a browser-based SSO solution. This solution requires only minimal interaction from the user, and provides RPs with a clear incentive for supporting OpenID. Sun et al. argue that the SSO-enabled browser would help increase adoption of SSO by highlighting it as an alternative to conventional authentication. By integrating SSO with daily web-browsing activities, the browser would drive use of SSO to reach a necessary critical mass that would overcome the resistance of content providers to become RPs.

Other efforts focus on pragmatic, incremental improvements for OpenID implementations in practice. The Internet Identity Research team at Google has experimented with modifying user interfaces to encourage the use of OpenID passively, requiring fewer interactions from the user to use OpenID, and subtly challenging the status quo of passwords. The aim of these experiments is to bolster the adoption of SSO without interfering with the experience users are familiar with (figure 5).
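The redirect phishing risk described in the OpenID section, and the call for mutual authentication in the fifth flaw, both come down to the user agent handing credentials to whatever page the RP redirects to. The following is an added example, not part of the original report or of any OpenID implementation: a browser-side check that releases stored IdP credentials only when the redirect target's origin exactly matches the origin recorded for the user's identifier. The function names, the pinned-origin store and all hosts are constructed for illustration.

```javascript
// Added illustration: browser-side check before releasing IdP credentials.
// Identifiers, hosts and function names are constructed for this example.

// Origin the user enrolled with, keyed by their OpenID identifier (constructed).
const PINNED_IDPS = new Map([
  ['https://alice.idp.example/', 'https://login.idp.example'],
]);

// Reduce a URL to its origin, or null if it must never receive credentials.
function safeOrigin(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch (err) {
    return null; // not parseable as an absolute URL
  }
  if (url.protocol !== 'https:') return null;    // plaintext or non-web scheme
  if (url.username || url.password) return null; // "idp@other-host" userinfo trick
  return url.origin; // scheme + lower-cased host + non-default port
}

// Decide whether the login page the RP redirected to may receive credentials.
function checkIdpRedirect(identifier, redirectUrl, pinned = PINNED_IDPS) {
  const expected = pinned.get(identifier);
  if (expected === undefined) {
    return { release: false, reason: 'unknown-identifier' };
  }
  const actual = safeOrigin(redirectUrl);
  if (actual === null) {
    return { release: false, reason: 'unsafe-url' };
  }
  if (actual !== expected) {
    // Exact comparison: a shared prefix or suffix is not a match.
    return { release: false, reason: 'origin-mismatch', expected, actual };
  }
  return { release: true, reason: 'origin-match' };
}

// Constructed redirect targets: two genuine, the rest look-alikes.
const SAMPLE_REDIRECTS = [
  'https://login.idp.example/auth?rp=shop.example',
  'https://LOGIN.idp.example:443/auth',
  'https://login.idp.example.phish.test/auth', // real host used as a prefix
  'https://login.idp.example@phish.test/auth', // real host placed in userinfo
  'http://login.idp.example/auth',             // downgrade to plaintext
  'https://login.idp.example:8443/auth',       // same host, different port
  'https://login.id\u0440.example/auth',       // Cyrillic look-alike letter
];

// Run the check over a list of redirect targets and keep the decisions.
function auditRedirects(identifier, urls) {
  return urls.map((url) => ({ url, ...checkIdpRedirect(identifier, url) }));
}

for (const row of auditRedirects('https://alice.idp.example/', SAMPLE_REDIRECTS)) {
  console.log(row.release ? 'RELEASE' : 'BLOCK  ', row.reason, row.url);
}
```

Because the decision is made by the browser against a stored origin rather than by the user reading the page, a proxying look-alike provider never receives the stored credentials, whatever it displays.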


managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

State of Hawaii Excellence in Technology Award Nomination Single Sign On (SSO) for the Hawaii State Department of Education Cross-Boundary Collaboration and Partnerships Data, Information and Knowledge

Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software

Chapter 4 Network-based Access Control 4.1 Rationale and Motivation Over the past couple of years, a multitude of authentication and access control technologies have been designed and implemented. Although

and s Branch Glossary of Key Terms The terms and definitions listed in this glossary are used throughout the s Package to define key terms in the context of. Access Control Access The processes by which

Pay Reply website Privacy Policy This page provides an outline of the way the personal data of Pay Reply website visitors is managed. This notice is also provided according to the terms of art. 13 of Italian

SAML AS AN SSO STANDARD FOR CUSTOMER IDENTITY MANAGEMENT How to Create a Frictionless, Secure Customer Identity Management Strategy PART 1: WHAT IS SAML? SAML in Context Security Assertion Markup Language

System Requirements General Requirements Web Conferencing Version 8.3 Troubleshooting Guide Listed below are the minimum requirements for participants accessing the web conferencing service. Systems which

Dropbox for Business Secure file sharing, collaboration and cloud storage G-Cloud Service Description Table of contents Introduction to Dropbox for Business 3 Security 7 Infrastructure 7 Getting Started

SOLUTION BRIEF: PROTECTING ACCESS TO THE CLOUD........................................ How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications Who should read this

Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect

White Paper Intel Information Technology Computer Manufacturing Security Improving Security and Productivity through Federation and Single Sign-on Intel IT has developed a strategy and process for providing

Application Instructions for Global UGRAD 2016-2017 Portal Step-by-Step I. REGISTERING FOR THE PROGRAM Google Chrome and Mozilla Firefox work best when completing the UGRAD application. We do NOT recommend

OpenID and identity management in consumer services on the Internet Kari Helenius Helsinki University of Technology kheleniu@cc.hut.fi Abstract With new services emerging on the Internet daily, users need

RECOMMENDED CHARTER FOR THE IDENTITY ECOSYSTEM STEERING GROUP 1. Identity Ecosystem Steering Group Charter The National Strategy for Trusted Identities in Cyberspace (NSTIC or Strategy), signed by President

User s Guide Microsoft Social Engagement 2015 Update 1 Version 2.0 1 This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references,

QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,

Privacy and Security Advantages of Social Login White Paper User Management Platform for the Social Web white paper Privacy and Security Advantages of Third-Party Authentication The practice of implementing

Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control agility made possible Enterprises Are Leveraging Both On-premise and Off-premise

Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories

Convenience and security ControlSphere is a computer security and automation solution designed to protect user data and automate most of authentication tasks for the user at work and home environments.

Preventing the Revealing of Online Passwords to Inappropriate Websites with LoginInspector Chuan Yue University of Colorado Colorado Springs 26th Large Installation System Administration Conference (LISA